Q1. The BEST method of demonstrating a company's security level to potential customers is 

A. a report from an external auditor. 

B. responding to a customer's security questionnaire. 

C. a formal report from an internal auditor. 

D. a site visit by a customer's security team. 

View Answer

Q2. In Business Continuity Planning (BCP), what is the importance of documenting business processes? 

A. Provides senior management with decision-making tools 

B. Establishes and adopts ongoing testing and maintenance strategies 

C. Defines who will perform which functions during a disaster or emergency 

D. Provides an understanding of the organization's interdependencies 

View Answer

Q3. An organization's data policy MUST include a data retention period which is based on 

A. application dismissal. 

B. business procedures. 

C. digital certificates expiration. 

D. regulatory compliance. 

View Answer

Q4. By allowing storage communications to run on top of Transmission Control 

Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the 

A. confidentiality of the traffic is protected. 

B. opportunity to sniff network traffic exists. 

C. opportunity for device identity spoofing is eliminated. 

D. storage devices are protected against availability attacks. 

View Answer

Q5. During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. 

What is the best approach for the CISO? 

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. 

What is the best approach for the CISO? 

A. Document the system as high risk 

B. Perform a vulnerability assessment 

C. Perform a quantitative threat assessment 

D. Notate the information and move on 

View Answer

Q6. Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)? 

A. Hierarchical inheritance 

B. Dynamic separation of duties 

C. The Clark-Wilson security model 

D. The Bell-LaPadula security model 

View Answer

Q7. DRAG DROP 

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. 

What is the best approach for the CISO? 

Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location. 

View Answer

Q8. What is the GREATEST challenge to identifying data leaks? 

A. Available technical tools that enable user activity monitoring. 

B. Documented asset classification policy and clear labeling of assets. 

C. Senior management cooperation in investigating suspicious behavior. 

D. Law enforcement participation to apprehend and interrogate suspects. 

View Answer

Q9. The overall goal of a penetration test is to determine a system's 

A. ability to withstand an attack. 

B. capacity management. 

C. error recovery capabilities. 

D. reliability under stress. 

View Answer

Q10. In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network? 

A. Application Layer 

B. Physical Layer 

C. Data-Link Layer 

D. Network Layer 

View Answer